CVE-2023-41086

moderate-risk
Published 2023-10-03

A cross-site request forgery (CSRF) vulnerability exists in FURUNO SYSTEMS wireless LAN access point devices. If a user views a malicious page while logged in, unintended operations may be performed. Affected products and versions are as follows: ACERA 1210 firmware ver.02.36 and earlier, ACERA 1150i firmware ver.01.35 and earlier, ACERA 1150w firmware ver.01.35 and earlier, ACERA 1110 firmware ver.01.76 and earlier, ACERA 1020 firmware ver.01.86 and earlier, ACERA 1010 firmware ver.01.86 and earlier, ACERA 950 firmware ver.01.60 and earlier, ACERA 850F firmware ver.01.60 and earlier, ACERA 900 firmware ver.02.54 and earlier, ACERA 850M firmware ver.02.06 and earlier, ACERA 810 firmware ver.03.74 and earlier, and ACERA 800ST firmware ver.07.35 and earlier. They are affected when running in ST (Standalone) mode.

Do I need to act?

0.32% chance of exploitation
EPSS score: low exploit probability

Not on CISA KEV list
No confirmed active exploitation reported to CISA

Patch status unknown
Check vendor advisories for fix availability and mitigation guidance

CVSS 8.8/10 High
NETWORK / LOW complexity

Affected Products (12)

ACERA 1210 Firmware
ACERA 1150i Firmware
ACERA 1150w Firmware
ACERA 1110 Firmware
ACERA 1020 Firmware
ACERA 1010 Firmware
ACERA 950 Firmware
ACERA 850F Firmware
ACERA 900 Firmware
ACERA 850M Firmware
ACERA 810 Firmware
ACERA 800ST Firmware

Affected Vendors

48 / 100
moderate-risk
Severity 30/34 · Critical
Exploitability 1/34 · Minimal
Exposure 17/34 · Moderate